10016933-1 
George S. Gales, et al. 
System and Method of Defining the Security 
Condition of a Computer System 
1/3 
CLIENT 



ATTACKER 



10 



FIG. 1 



20a 



20b 



20c 



20d 



20n 



□ 



a 



□ 



□ 



TARGET 



30 



200 

A 



|j^fleJ 



202 



VDL 
INTERPRETER 



ft 



204- 



CONFIGURATION 
DATABASE 



FIG. 3 



207- 



209- 



208- 



INTRUSION DETECTION 
APPLICATION 

~T~ 



OS 



HOST 
APPLICATIONS 



VULNERABILITY 
ASSESSMENT 
APPLICATION 



21Q _^ | NETWORK DRIVER 

\ 

212 



10016933-1 
George S. Gales, et al. 
System and Method of Defining the Security 
Condition of a Computer System 
2/3 






DNS 




MAIL 




DATABASE 




FILE 


70^" 


SERVER 


71-^ 


SERVER 




SERVER 


^-72 


SERVER 



INLINE/HOST 
IPS 

/ 

100 



INLINE/HOST 
IPS 



INLINE/HOST 
IPS 



INLINE/HOST 
IPS 



FIG. 2 



10016933-1 
George S. Goles, et al. 
System and Method of Defining the Security 
Condition of a Computer System 
3/3 




-*-> Q_ 
X C 03 

E 

> >^-= _£ a o S 3 

IlZCLCLCLQUliliZiZWQ. 









Q E 




E z 


c: 
cn 
n 


ecuri 
LLNa 
bject 


Q_ 


CO Q O 



5 



^ 2- 

o o 

CP CP 



Q Q ~Z- q c 



29 |2^2o|£ _ i 
= "^S"op p p 8 B £ 1= ■§ s ! 

»COCCOOOOQ.Q-COOQ<CI- 







(Display 








Q 


SUJ 


ediatc 


Q ^3 5 'J 
>v r- TO CO 


term 


.-;=;£ o 3 >^ 
t- □ <u < a 

o ^ S E o- 
a> O O =3 .<2 




CO CJ O Z Q 



splayStrings 




escriptions 


3 :' 




c .2 .2 .2 o 
.2 ~o_ ~o_ "o_ *~q_ 


!; 

If 

E "1 


layString 


iberOfAddi 
blemDescr 
)lemDescr 
DlemDescr 
DlemDescr 


Gen> 


Disr. 
Rule 
Nun 
Prol 
Prol 
Prol 
Prol 





O 


tior 






E £ 


Q 




E 


E E E 


Dtfo 


Jtfo 

3tf0 

□tfo 


Q_ 


Q. D_ Q_ 



